Your master password
Site name
Generated password

What is this?

I hate passwords. I mean, I don't mind having really important ones be made-up and memorized but what about all those e-commerce and community sites that want me to create accounts? I end up using the same password at all of them and then I feel stupid knowing that one SQL Server exploit or disgruntled admin could cost me my whole identity.

So, this is a little Javascript program that will generate a SHA-1 hash from each site's name. The idea is that you choose one master password to secure all your others, and then generate passwords for each site, server, router, &c. by putting a completely obvious name for that resource in the "Site name" field.

Then just hit return and copy your new password so you can paste it into whatever site you're registering at. It'll be different for every site, and undiscoverable by anyone who doesn't know your master password — but you can always retrieve it by simply using this form again.

(Note that all this is done by your browser running the program that's in the source of this page; nothing is passed back to my server. You can make your own local copy of this page, use it off-line, &c.)

Here's a bookmarklet version, which you can drag to your bookmark list to keep handy. (This now hashes the domain instead of the hostname, since so many sites use different servers for registration and login.)

Here's an excellent iPhone version, courtesy of Karim Cassam Chenaï. Here's a copy of this page in Belorussian, courtesy of Jason Fragoso

All the passwords generated by this page end in "1a", a cheap hack to guarantee that they satisfy the "must contain at least one letter and one number" requirement that some sites impose. Here's a version of this page that doesn't do that.